{{- $binaries := "/usr/bin/python3 /lib64/libz.so* /lib64/libexpat.so* /usr/lib64/libffi.so* /lib64/libcrypto.so* /lib64/libssl.so* /bin/grep /bin/sed /bin/sh /sbin/xtables-nft-multi /sbin/ip6tables-nft /sbin/ip6tables-nft-restore /sbin/ip6tables-nft-save /sbin/iptables-nft /sbin/iptables-nft-restore /sbin/iptables-nft-save /sbin/xtables-legacy-multi /sbin/iptables /sbin/iptables-restore /sbin/iptables-save /sbin/iptables-legacy /sbin/iptables-legacy-restore /sbin/iptables-legacy-save /sbin/ip6tables /sbin/ip6tables-restore /sbin/ip6tables-save /sbin/ip6tables-legacy /sbin/ip6tables-legacy-restore /sbin/ip6tables-legacy-save /usr/lib64/libnetfilter_conntrack.so*" }}
---
artifact: {{ $.ModuleName }}/{{ $.ImageName }}-binaries-artifact
from: {{ $.Images.BASE_ALT_DEV }}
shell:
  install:
    - /binary_replace.sh -i "{{ $binaries }}" -o /relocate
    - |
      for cmd in iptables iptables-save iptables-restore ip6tables ip6tables-save ip6tables-restore ip6tables-nft ip6tables-nft-restore ip6tables-nft-save iptables-nft iptables-nft-restore iptables-nft-save; do
        ln -f -s /iptables-wrapper "/relocate/sbin/${cmd}"
      done
      # broken symlinks are not imported from the artifact
      touch /iptables-wrapper
---
image: {{ .ModuleName }}/{{ .ImageName }}
fromImage: common/distroless
git:
  - add: /{{ $.ModulePath }}modules/450-{{ $.ModuleName }}/images/{{ $.ImageName }}/iptables-loop.py
    to: /iptables-loop.py
import:
- artifact: {{ $.ModuleName }}/{{ $.ImageName }}-binaries-artifact
  add: /relocate
  to: /
  before: setup
- artifact: {{ $.ModuleName }}/{{ $.ImageName }}-binaries-artifact
  add: /usr/lib64/python3
  to: /usr/lib64/python3
  before: setup
- artifact: {{ $.ModuleName }}/{{ $.ImageName }}-binaries-artifact
  add: /usr/lib64/python3.9
  to: /usr/lib64/python3.9
  before: setup
- artifact: {{ $.ModuleName }}/{{ $.ImageName }}-binaries-artifact
  add: /
  to: /
  includePaths:
  - lib64/iptables
  - lib64/libm*
  before: setup
- image: common/iptables-wrapper
  add: /iptables-wrapper
  to: /iptables-wrapper
  before: setup
